RabboLock Ransomware

The R4bb0l0ck file encoder is programmed to scan the machine for available memory disks and network shared storage that hold data associated with software like Microsoft Office, Libre Office, Adobe Acrobat Reader, MySQL, VLC Media Player and Calibre. The threat is reported to use the files ‘hidden-tear.exe’, ‘R4bb0l0ck.exe’ and ‘R4bb0l0ck Ransomware.bin’ to facilitate its operation. The RabboLock Ransomware Trojan is programmed to report the IP address, machine GUID, active user account name and software configuration to its masters before it generates a pair of unique encryption and decryption keys. As all HiddenTear variants do, the R4bb0l0ck Trojan encodes the user’s files using the AES-256 cipher and then encodes the decryption key using the RSA-1024 cipher, which prevents malware researchers from recovering the corrupted data.

This Trojan is another crypto malware, and it adds the ‘.R4bb0l0ck’ extension to the encoded files. The RabboLock Ransomware is a threat to regular PC users who may open documents attached to spam emails, which can lead to a security breach. The programmers responsible for the RabboLock Ransomware have been reported to take advantage of macro scripts embedded into Microsoft Word documents to compromise remote computers.
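A sweep for the indicators named above (the ‘.R4bb0l0ck’ extension and the three file names), as an added example that is not part of the original article or any vendor tool. The function names and the sample directory tree are constructed for illustration, and the oldest modification time among encoded files is only a rough hint of when encoding began.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the write-up above; compared case-insensitively.
ENCRYPTED_EXT = ".r4bb0l0ck"
DROPPED_NAMES = {"hidden-tear.exe", "r4bb0l0ck.exe", "r4bb0l0ck ransomware.bin"}


def sweep(root):
    """Walk root and return a triage summary of RabboLock indicators."""
    binaries, per_dir, earliest = [], Counter(), None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in DROPPED_NAMES:
                binaries.append(path)  # suspected dropper or payload file
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1  # encoded user file, counted per folder
                try:
                    mtime = os.path.getmtime(path)
                except OSError:
                    continue  # file vanished or unreadable; still counted
                if earliest is None or mtime < earliest:
                    earliest = mtime
    return {"binaries": sorted(binaries), "encrypted_by_dir": dict(per_dir),
            "encrypted_total": sum(per_dir.values()), "earliest_mtime": earliest}


def build_sample_tree():
    """Constructed sample tree of empty placeholder files (no malware)."""
    root = tempfile.mkdtemp(prefix="rabbolock_demo_")
    layout = {
        "Documents": ["report.docx.R4bb0l0ck", "budget.xlsx.r4bb0l0ck", "notes.txt"],
        "Downloads": ["R4bb0l0ck.exe", "setup.exe"],
        "Music": ["track.mp3.R4BB0L0CK"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for n in names:
            open(os.path.join(root, folder, n), "w").close()
    return root


if __name__ == "__main__":
    print(sweep(build_sample_tree()))
```

The per-folder counts show how far the encoding spread, which helps decide which shares and backups to check first.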

Our recommendation is to be careful when opening email attachments or installing fake software products, as many malware come bundled with them, and when browsing websites where scripts may ask you for permission or to download something. Immediately terminate such processes or browsers from Task Manager. Always use Max Total Security to back up your data and restore it when you need it.
